185.220.101.27

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 185.220.101.27

Classification: Tor Exit Node Infrastructure

Risk Assessment: Moderate Risk (59/100)

Date of Analysis: 2026-06-24

---

## EXECUTIVE SUMMARY

IP address 185.220.101.27 is identified as a Tor exit node operating from Berlin, Germany under ASN 60729 (ARTIKEL10-MNT). The IP exhibits moderate risk characteristics with Tor exit node indicators confirmed through multiple threat feeds. The subnet demonstrates elevated abuse density (40.14%) with 57 out of 142 sibling IPs flagged as threats.

---

## NETWORK PROFILE

Ownership & Infrastructure:

ASN: 60729 (ARTIKEL10-MNT)
RIR: RIPE (Germany)
Network Block: 185.220.101.0/24
Hostname: berlin01.tor-exit.artikel10.org
PTR Record: berlin01.tor-exit.artikel10.org

Classification Flags:

Tor Exit Node: YES
Open Ports: None detected
Services: Firewall protected / No services exposed
CDN/Cloud/Proxy: No indicators

---

## THREAT INDICATORS

Primary Indicators:

Tor exit node indicators observed in multiple threat feeds
DNSBL listings: 2 of 8 total blacklists (including high-severity listings)
Reputation Sources: Tor network association

Abuse Metrics:

Risk Score: 59/100 (Moderate)
Abuse Confidence Score: Not applicable (Tor infrastructure)
Threat Persistence: 0 days (non-malicious persistence indicator)
Known Campaigns: None correlated

---

## TEMPORAL ANALYSIS

Observation History: 48 historical observations recorded

Recent signal classifications: "Minimal" risk
DNSBL listings observed: 2 total
Ownership changes: 0
Threat observation count: 1
Risk trajectory: Stable with no escalation indicators

---

## SUBNET CONTEXT

185.220.101.0/24 Neighborhood Analysis:

Total Siblings: 142
Active Siblings: 28
Threat Siblings: 57
Abuse Density: 40.14%
Classification: Mixed (1 high, 97 medium, 2 low risk)

Implications: The subnet operates mixed-use infrastructure with significant Tor node concentration. Contextual analysis indicates this IP is part of a larger anonymization network infrastructure.

---

## RELATIONSHIP GRAPH

Associated Entities (165 relationships):

Network: ARTIKEL10 (primary)
DNS: berlin01.tor-exit.artikel10.org (confirmed)
Multiple Tor exit node associations

---

## RECOMMENDED ACTIONS

Immediate:

1. Enhanced Logging: Increase logging verbosity for all traffic from this IP range

2. Access Control: Consider enhanced verification procedures for anonymous traffic

3. Blocking Decision: Evaluate blocking based on organizational policy regarding Tor traffic

Firewall Rules Provided:

`iptables -A INPUT -s 185.220.101.27 -j DROP`
`nft add rule inet filter input ip saddr 185.220.101.27 drop`
`nginx deny 185.220.101.27;`

Monitoring:

Monitor for behavioral changes in anonymous traffic patterns
Track DNSBL listing status changes
Review correlation with other ARTIKEL10 infrastructure

---

Analysis Notes: This IP represents legitimate Tor exit node infrastructure rather than active malicious activity. Risk rating reflects Tor network abuse potential rather than confirmed attacks. SOC teams should balance blocking considerations against legitimate use case requirements.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	BE
City	Berlin
Timezone	Europe/Berlin
Latitude	51.77
Longitude	11.77

🏢 Ownership & Registration

Organization	ARTIKEL10-MNT
ASN	AS60729
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	berlin01.tor-exit.artikel10.org
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`berlin01.tor-exit.artikel10.org`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	26%	1	3
geolocation	27%	2	3
Overall	21%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 13:35:43 UTC
Last Seen	2026-06-26 21:06:49 UTC
Profile Built	2026-06-27 17:12:01 UTC
Data Freshness	Live
Signal Types	21
Total Observations	50

🔍 21 signal types · 50 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

185.220.101.27📋 Copy